Snapchat hacked days after warning

The user names and phone numbers of more than 4.6 million Snapchat users were posted online this week by an anonymous hacker, just days after the Los Angeles startup was warned that such a data compromise could happen.

On a website called SnapchatDB, which may be run by an individual or a group, files containing Snapchat users' information were posted on Wednesday. The website has since been taken down, but while it was live, users could download the data in SQL or CSV format.

The data contained the user names and associated phone numbers of many users, all located within North America but primarily in the US. The final two digits of each phone number were also censored to offer the affected users some protection.

The hacker or hackers said the data was published to prompt Snapchat to fix a security hole that it was aware of and had been warned could be exploited.

"Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed," SnapchatDB told tech website The Verge. "Security matters as much as user experience does."

Snapchat was warned by a group called Gibson Security on Christmas Eve that its mobile application contained a security flaw that could expose its users in exactly the way SnapchatDB went on to do. Days after the warning, Snapchat acknowledged the vulnerability on a company blog, but played down the seriousness of the security hole.

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match user names to phone numbers that way," Snapchat said in the blog post, which was posted on Friday.

"Over the past year, we've implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."